Dunghill Leak is the data extortion site operated by the Dark Angels ransomware group, active since early 2023, targeting large enterprises across healthcare, finance, industrial, and technology sectors using a highly selective non-affiliate model, and responsible for a record-breaking $75 million ransom payment in 2024.
This group has no curated TTPs. You can generate an AI-ESTIMATED (unconfirmed) MITRE mapping from its description/notes, only on request.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
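```yara
/*
   Dunghill Leak (Dark Angels affiliate)
*/
rule Dunghill_Note
{
    meta:
        author = "ransomware.live"
        family = "ransomware.dunghill"
        description = "Detects Dunghill / Dark Angels extortion note"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        // Plain name strings expected in the extortion note text
        $s1 = "Dunghill" ascii nocase
        // Already covered by the case-insensitive $s1
        $s2 = "DUNGHILL" ascii
        $s3 = "Dark Angels" ascii nocase
    condition:
        // A single string hit is enough, so any file that merely
        // mentions either name (reports, news articles) also matches
        any of them
}
```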
Nuevatel PCS de Bolivia S.A., better known as VIVA, is a Bolivian wireless network operator and telecommunications company. It was founded in 1999. It is currently among the largest companies in the country. Viva is the third-largest wireless carrier in Bolivia, with a market share of 12.9%.
ANDRADE GUTIERREZ is a Brazilian private multinational conglomerate headquartered in Belo Horizonte. As of 2013, Andrade Gutierrez is the second largest construction company in Brazil with branches in 44 countries and a net income of 8 billion BRL. In the engineering segment, AG operates in the construction of hydroelectric power plants, thermoelectric power plants, nuclear power plants, petrochemical plants, mining, steel industry, refineries, harbors, subways, sanitation and urbanization, airports, railroads, civil engineering.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Nuevatel | BO | Business Services | — | 15 Jul 2024 |
| ANDRADE GUTIERREZ & ZAGOPE | BR | Construction | — | 27 May 2023 |
The addresses of the leak sites (.onion) are known but are not published or linked. Only public metadata is shown.